He recorded calls? How the heck is he planning to escape jail? Seems to me many other security flaw researchers have done much less and been prosecutedā¦
Exactly. Itās one thing to point out that something like that can be done and another to actually do it. Recording calls (especially to a Federal agency) is a serious legal matter even if it wasnāt done maliciously.
Our government has made it clear that such a thing is only a āserious legal matterā if someone gets taken by a whim and decides to make an example of you, rather than being a ārealā legal issue that law enforcement should really worry about, you know? I mean, itās not like this guy was listening to the calls - he was only really collecting metadata, you know. And he didnāt target anyone in particular, nor did he target everyone, so itās okay.
That said, yeah, this guy is asking to be thrown under the bus.
I didnāt realize this was a real thing. Iād always assumed crap results in the google maps, were just crap, fly-by-night companies that I didnāt want to do business with anyway. Itās not like spammers are spending time creating a custom photo and real website and significant numbers of customer reviews is it?
Butā¦ butā¦ for a couple days, at least, you can use Google Maps to catch Pokemon!
I hadnāt heard of it either ā but a bit of searching indicates that crooked locksmith firms in particular have been doing what Cory encountered with Google Maps for years. I guess it works better with things like locksmiths and tow trucks because not hearing about the firm until you tried to use them would be pretty common.
Itās interesting to note that the enabling culprit here is Google Places, which has long been an opening for all sorts of mischief, entire due to the ridiculous manner in which its set-up.
A couple of years ago, a client of mine discovered that a Google Places page existed for their business (an adoption agency) even though they had never created a GP page. They also discovered that the page had an incorrect phone number. Calling that number got you through to the actual agency phone number, but there was an obvious delay in connecting.
They investigated and discovered that a marketer they had worked with had taken it upon themselves to create the GP page (Yes, under Google Places, you donāt have to own the business to start a GP page for it.) The phone number rang into the marketerās office, then re-routed to the adoption agency. They were told it was just to measure phone traffic from the GP page, but, obviously, they could well have recorded conversations if they wanted.
The agency went and created their own GP page (with the correct info, phone number, etc.) but, the way Google Places works is if there are competing pages for the same business, the data will slowly become blended, and somehow the ārealā information wins out. Itās nuts. Even after the marketer took down his GP page, the two GP pages remained blended for several months until the real page won.
Nothing here really constitutes an attack against Google Maps, or any other Google service for that matter. Itās just a demonstration of the sort of stuff you can do with them as currently provided.
Using powertools to convert your truck into a tank a-team style isnāt an attack on the hardware store.
Might lead to one though.
Just goes to show that this new-fangled Google stuff is no replacement for your goodāol, reliable Yellow Pages!
I have a friend whose home phone number and building street address (but not apartment number) somehow ended up associated with the embassy of an African nation.
It now shows up in Google Maps, Citysearch and Yahoo Local, but also in Superpages.com, Dexknows.com, Yellowpages.com, Switchboard.com and other phone directory sites. I havenāt seen a physical phone book to see if itās listed there, too. The friend has absolutely no idea how his info came to be associated with the country in question.
Well, google maps has always sucked quite badly at producing decent results for nearby relevant businesses, so much so that yelp is better (and given how much yelp sucks, thatās saying quite something). Just yesterday I was trying to find an excellent seafood market about a mile from my house whose name Iād blanked on - google maps spat up all kinds of random diners and places like trader joes, but never the market in question. I finally found it using yelp, then just to test, typed the name of the place (which includes the words āseafoodā and āmarketā) into google maps which promptly displayed it (so they had it in their database). Kind of odd given how good their regular search is.
Oh no, thatās not true. Merely pointing out the security hole gets you prosecuted now.
He went to the Secret Service and demonstrated the exploit to them, after it got some traction on Mikeās blog. It certainly got theirs and Googleās attention.
Microsoft is performing a valuable (red team) service to the g+ design team. Hopefully, Maps will be the next Google service to be put behind Google encrypt everything wall and phishers, cookie pushers and other malefactors masquerading as advertisers will get the same treatment.
While I am bothered by Googleās lack of security, I have to ask why Microsoft is tasking experienced engineers with breaking into Google services instead of fixing their own holes which even a ten year old could go through?
Bryan doesnāt work for Microsoft.
No one at Microsoft is breaking into Googleās services. Bryan doesnāt work for Microsoft.
This topic was automatically closed after 5 days. New replies are no longer allowed.
